Awesome Hyper-V Exploitation

A curated list of Hyper-V exploitation resources, fuzzing and vulnerability research.

If you want to contribute, please read the guide.

For a broader list of virtualization related links, see Awesome Virtualization.

Table of Contents

• Conference Talks & Slides
• Blog Posts
• References & Resources
• Security Research Tools

Conference Talks & Slides

Conference talks/slides related to vulnerabilities and exploits in Hyper-V

• Hypervisor Vulnerability Research: State of the Art - by Alisa Esage, Zer0Con [2020]
  • Slides
• Attacking Hyper-V - by Jaanus Kääp, POC [2019]
  • Slides
• Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine - by Joe Bialek, BlackHat USA [2019]
  • Slides
• Growing Hypervisor 0day with Hyperseed - by Daniel King & Shawn Denbow, OffensiveCon [2019]
  • Slides
• Hardening Hyper-V Through Offensive Security Research - by Jordan Rabet, BlueHat [2018]
  • Slides
• A Dive in to Hyper-V Architecture & Vulnerabilities - by Joe Bialek & Nicolas Joly, TenSec [2018]
  • Slides
• VBS and VSM Internals - by Saar Amar, BlueHat IL [2018]
  • Slides
• The Hyper-V Architecture and its Memory Manager - by Andrea Allievi, REcon [2017]
• Ring 0 to Ring -1 Attacks - Hyper-V IPC Internals - by Alex Ionescu, SyScan [2015]
  • Slides

Blog Posts

Security research blog posts for learning how to find vulnerabilities/exploit Hyper-V

• First Steps in Hyper-V Research - by Saar Amar, MSRC Blog [2018]
• Fuzzing para-virtualized devices in Hyper-V - by Secure Windows Initiative Attack Team, MSRC Blog [2019]
• Attacking the VM Worker Process - by Saar Amar, MSRC Blog [2019]
• Ventures into Hyper-V - Fuzzing hypercalls - by Amardeep Chana, MWR Labs [2019]
• Writing a Hyper-V "Bridge" for Fuzzing -- Part 1: WDF - by Alex Ionescu [2019]
• Writing a Hyper-V "Bridge" for Fuzzing -- Part 2: Hypercalls & MDLs - by Alex Ionescu [2019]

References & Resources

Useful Hyper-V research references and resources

• Microsoft Hyper-V Bounty Program - by Microsoft
• Hyper-V symbols for debugging - by Microsoft
• Hyper-V Internals - by Gerhart
• Hyper-V Architecture by Microsoft Docs
• Hyper-V Hypervisor Top-Level Functional Specification - by Microsoft Docs
• Install Hyper-V on Windows 10 - by Microsoft Docs
• Create Virtual Machine with Hyper-V on Windows - by Microsoft Docs
• Run Hyper-V In a Virtual Machine with Nested Virtualization - by Microsoft Docs

Security Research Tools

Tools for doing security research and introspection on Hyper-V

• hdk -- (unofficial) Hyper-V Development Kit - by Alex Ionescu
• Viridian Fuzzer -- Kernel driver to fuzz Hyper-V hypercalls - by Amardeep Chana, MWR Labs
• LiveCloudKd - by Matt Suiche, Comae Technologies
• HyperViper -- Toolkit for Hyper-V security research - by Jaanus Kääp, Clarified Security